CVE Is Main Source of Vulnerability Data Used in Tenable’s 2018 Vulnerability Intelligence ReportJanuary 3, 2019 |
Share this article

CVE is the main source of vulnerability data used in Tenable, Inc.'s 2018 Vulnerability Intelligence Report, which discusses “general overall trends in vulnerabilities and operationalized intelligence based on what enterprises actually have to deal with in their own environments.”

The authors of the report found that the “discovery and disclosure of vulnerabilities continue to grow in volume and pace. In 2017 alone, an average of 41 new vulnerabilities were published every single day, for a total of 15,038 for the year. Additionally, the growth in newly disclosed vulnerabilities from the first half of 2018 showed a 27 percent increase over the first half of 2017.”

In the report, the authors “provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments [and] analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice – not just in theory.” From their study, the authors conclude that “managing vulnerabilities is a challenge of scale, velocity and volume. It is not just an engineering challenge, but requires a risk-centric view to prioritize thousands of vulnerabilities that superficially all seem the same.”

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.